---
# General
nexus_version: latest # Or: 3.27.0-03, 3.26.0-04, ..., 3.21.2-03

## Owner
nexus_user: nexus
nexus_group: nexus

## Operative system 
os : unix # options: unix/win64/mac
java_version: 11

# Service options

## start on boot
nexus_service_enabled: True
# current state: started, stopped
nexus_service_state: started

## Files & Paths
nexus_installation_path: /opt/nexus
nexus_log_path: /var/log/nexus
nexus_data_path: /var/nexus
nexus_tmp_path: "{{ nexus_data_path }}/tmp"

## Port & host
nexus_host: localhost
nexus_port: 8081
nexus_context_path: /

## JMX
nexus_jmx_enabled: false
nexus_jmx_port: 9010
nexus_jmx_remote: "true"
nexus_jmx_local: "false"
nexus_jmx_authenticate: "false"
nexus_jmx_ssl: "false"

nexus_java_xms: 2G
nexus_java_xmx: 2G
nexus_java_xxmaxdirectmemorysize: 2703m
nexus_max_filedescriptors: 65536

# SECURITY
nexus_admin_password: admin123
nexus_anonymous_access: true

# VM Options
nexus_vm_options_template: nexus.vmoptions.j2
nexus_jvm_custom_options: []

## LDAP
## https://books.sonatype.com/nexus-book/3.0/reference/security.html
nexus_ldap_authentication: false
nexus_ldap_configs:
  - name: main_ldap
    protocol: ldap # ldap | ldaps
    host: localhost
    port: 10389
    use_trust_store: false
    manager_dn: uid=admin,ou=system
    password: secret
    base_dn: ou=basicauth,ou=users,ou=axis,o=abc,c=au
    search_base: dc=mycompany,dc=net
    filter: (uid={0})
    user_object_class: inetOrgPerson # ..., person, user or posixAccount
    user_id_attribute: uid
    user_real_name_attribute: cn
    user_email_attribute: mail
    user_subtree: true
    map_groups_as_roles: false
    group_type_dynamic: false
    user_member_of_attribute: memberOf
    group_base_dn: cn=builtin
    group_object_class: group
    group_id_attribute: sAMAccountName
    group_member_attribute: member
    group_member_format: ${dn}
    group_subtree: false

## ROLES
nexus_roles: []
# example role item
#  - id: Developer
#    name: developer
#    description: All developers
#    privileges:
#      - nx-search-read
#    roles: []
#  - id: Deployer
#    name: deployer
#    description: All deployers
#    privileges:
#      - nx-repository-admin-*-*-*
#    roles:
#      - Developer

## USERS
nexus_users: []
# example user item :
#  - username: jenkins # used as key to update
#    first_name: Jenkins
#    last_name: CI
#    email: support@company.com
#    password: "s3cr3t"
#    roles:
#      - Deployer

## REALMS
nexus_realms: []
## Available realms: DockerToken, NpmToken, NuGetApiKey, rutauth-realm
# example realm :
#  - name: NuGetApiKey
#    enabled: true

# SYSTEM
## CAPABILITIES
nexus_capability_branding_header: ""
nexus_capability_branding_footer: "Last provisionned {{ ansible_date_time.iso8601 }}"

## TASKS
nexus_scheduled_tasks: []
#  example task to compact blobstore :
#  - name: compact-blobstore
#    cron: '0 0 22 * * ?'
#    typeId: blobstore.compact
#    taskProperties:
#      blobstoreName: 'default' # all task attributes are stored as strings by nexus internally

# BLOBSTORES
nexus_delete_default_blobstore: true
nexus_blobstores_split: false

# CLEANUP POLICIES
nexus_cleanup_policies: []
  # - name: test
  #   format: [all | bower | docker | gitlfs | maven2 | npm | nuget | pypi | raw | rubygems | yum]
  #   notes: Remove maven snapshots older than 30 days - Not mandatory
  #   criteria:
  #     published_before: # Number in days - Not mandatory
  #     last_download_before: # Number in days - Not mandatory
  #     is_pre_release: # [true | false] Not mandatory

# REPOSITORIES
nexus_delete_default_repositories: true

## MAVEN
nexus_maven_enable: true
nexus_repositories_maven:
  proxy:
    - name: maven-central
      remote_url: https://repo1.maven.org/maven2/
      layout_policy: permissive
    - name: maven-jboss
      remote_url: https://repository.jboss.org/nexus/content/groups/public-jboss/
    #- name: maven-oracle
    #  remote_url: https://maven.oracle.com
    #  remote_username: ***
    #  remote_password: ***
    #  enableCircularRedirects: true
    #  enableCookies: true
    #  timeout: 10
    #  retries: 5
  hosted:
    - name: maven-snapshots
      version_policy: snapshot
      write_policy: allow
    - name: maven-releases
      version_policy: release
      write_policy: allow_once
  group:
    - name: maven-public
      member_repos:
        - maven-central
        - maven-jboss
        - maven-snapshots
        - maven-releases

## DOCKER
nexus_docker_enable: false
nexus_docker_proxy_port: 9080
nexus_docker_hosted_port: 9081
nexus_docker_group_port: 9082
nexus_repositories_docker:
  proxy:
    - name: docker-proxy
      http_port: "{{ nexus_docker_proxy_port }}"
      v1_enabled: True
      index_type: HUB
      proxy_url: https://registry-1.docker.io
      use_nexus_certificates_to_access_index: false
  hosted:
    - name: docker-hosted
      http_port: "{{ nexus_docker_hosted_port }}"
      v1_enabled: True
      latest_policy: False
  group:
    - name: docker-public
      http_port: "{{ nexus_docker_group_port }}"
      v1_enabled: True
      member_repos:
        - docker-hosted
        - docker-proxy

## NPM
nexus_npm_enable: false
nexus_repositories_npm:
  proxy:
    - name: npm-proxy
      remote_url: https://registry.npmjs.org
  hosted:
    - name: npm-hosted
  group:
    - name: npm-public
      member_repos:
        - npm-hosted
        - npm-proxy

## NUGET
nexus_nuget_enable: false
nexus_repositories_nuget:
  proxy:
    - name: nuget.org-proxy
      remote_url: https://www.nuget.org/api/v2/
  hosted:
    - name: nuget-hosted
  group:
    - name: nuget-public
      member_repos:
        - nuget.org-proxy
        - nuget-hosted

## PYPI
nexus_pypi_enable: false
nexus_repositories_pypi:
  proxy:
    - name: pypi-proxy
      remote_url: https://pypi.python.org/
  hosted:
    - name: pypi-hosted
  group:
    - name: pypi-public
      member_repos:
        - pypi-proxy
        - pypi-hosted

## RAW
nexus_raw_enable: false
nexus_repositories_raw:
  proxy:
    - name: raw-proxy
      remote_url: https://example.org/
  hosted:
    - name: raw-hosted
  group:
    - name: raw-public
      member_repos:
        - raw-proxy
        - raw-hosted

## COMPOSER
nexus_composer_enable: false
nexus_repositories_composer:
  plugin_version: 0.0.29
  proxy:
    - name: composer-proxy
      remote_url: https://packagist.org/
  hosted:
    - name: composer-hosted
  group:
    - name: composer-public
      member_repos:
        - composer-hosted
        - composer-proxy

# MISCELLANEOUS
nexus_force_reinstall: false

## Agent configuration (optional)
nexus_agents_force_reinstall: false
nexus_agents_required_libs:
  - unzip
  - apt-transport-https

# nexus_agents_config:
#   - name: "agent_name"
#     download_url: "download_url"
#     version: "x.x.x"
#     vm_opts:
#       - -javaagent:{{ nexus_installation_path }}/agent_name/agent_file
#       - -agentflag2
#     configuration_files:
#       - "configuration_file.yml"
#     params: {
#       application_name: "application_name",
#       license_key: "license_key"
#     }
